Application Security Engineer
Location:Offsite, Seattle, Washington, US
Area of InterestSecurity
As a Senior Application Security Engineer at Meraki, you will be a key member of a team that prevents, finds, and fixes vulnerabilities in our products, services, and enterprise. You will partner with teams across the organization to perform architecture reviews, code security reviews, and promote secure development practices. You will seek out opportunities to build security into development pipelines and capture the data you need to understand the security posture of our systems.
Meraki Security Engineers affect change across the entire stack, from the UI and backend to the device firmware. By acting as a guardian of our customers’ networks and deployments, you will have a direct, immediate, and significant impact on our customers and the hundreds of millions of users who rely on Meraki access points, switches, security appliances, cameras, and mobile device management solutions every single day.
At Meraki, we are passionate about building real products that our customers love! We believe in fostering a positive culture by hiring, mentoring, and empowering smart, helpful, humble people and providing equal opportunities for all employees to thrive. With the support of management, we constantly look within for ways to improve organizationally. We maintain a positive relationship with Cisco that gives us the stability and resources of a larger company without sacrificing our startup vibe. We are confident you will love it here!
Example projects for a senior security engineer:
- Perform architecture and code review of complex cloud-based systems
- Write code to integrate security services into our CI/CD pipelines
- Lead security assessments and application penetration tests
- Work with engineers and leaders to help prioritize and remediate vulnerabilities
- Collaborate with software engineers across product teams to refine the security of our cloud technologies and deployment practices
You are an ideal candidate if you:
- Have 5+ years of experience in application security testing and architecture review
- Have a background in code development or source code review
- Can write your own security tools
- Understand and recognize common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF
- Can lead major security initiatives and drive projects to completion
- Have a deep knowledge of key security concepts such as authentication, authorization, encryption, role-based access control, and security by design
- Have the ability to explain sophisticated security problems and provide expert advice on secure design practices
Bonus points for:
- Experience with enterprise cloud solutions and serverless applications
- A BS/MS/Ph.D in Computer Science, Computer Engineering, Information Security, Security Engineering, or a STEM field
- Experience using source-level debuggers, hardware/JTAG debuggers, network protocol analyzers, or logic analyzers to diagnose problems at all layers of the system
Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.
At Cisco Meraki, we’re challenging the status quo with the power of diversity, inclusion, and collaboration. When we connect different perspectives, we can imagine new possibilities, inspire innovation, and release the full potential of our people. We’re building an employee experience that includes appreciation, belonging, growth, and purpose for everyone.
Cisco requires all U.S. employees to be fully vaccinated or have an approved religious or medical accommodation. Candidates accepting an offer must provide proof of vaccination status on their first day. If someone anticipates requesting an accommodation for this requirement, they must receive approval before the start date. Candidates receiving an offer will receive additional information about the accommodation process at the time of the offer. All offers of employment are contingent upon complying with Cisco's vaccination policy.